Data Processing Agreement

This Data Processing Agreement (“DPA”) applies to the extent Ampfer AB (“Provider”) processes personal data on behalf of its customers (“Customer”) in connection with the use of the Cloud Service.

Scope and Application

This DPA is incorporated by reference into the Provider’s Terms of Service or Master Subscription Agreement and applies whenever Provider processes personal data on behalf of Customer.

Data Processing

Provider processes personal data only as necessary to provide, maintain, and support the Cloud Service, and only on Customer’s documented instructions.

Security

Provider implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or disclosure.

Sub-processors

Provider may engage sub-processors to assist in providing the Cloud Service. Provider ensures sub-processors are bound by equivalent data protection obligations.

Data Subject Rights

Provider assists Customer in responding to data subject requests and complying with applicable data protection laws.

Data Breach Notification

Provider will notify Customer without undue delay if it becomes aware of a personal data breach affecting Customer data.

Data Deletion/Return

Upon termination of the Cloud Service, Provider will delete or return personal data as instructed by Customer, unless otherwise required by law.

International Transfers

Provider will not transfer personal data outside the EEA unless adequate safeguards are in place.

Contact

For data protection inquiries, contact: privacy@leyrs.com

By using the Cloud Service, Customer agrees to this DPA.